General
Target: 02fa44b9687f061867ed258f14e0542ba8c3af5db68f69fda02c94b73cd9568b
Size: 5KB
Sample: 230131-j3ej5shc61
MD5: 335ebfd3421b0c58c258bbff94fd7f9d
SHA1: 164f6cb1b5bc5c0905de512d355363705cd62154
SHA256: 02fa44b9687f061867ed258f14e0542ba8c3af5db68f69fda02c94b73cd9568b
SHA512: 51714c30b8b9d76cc5e455657d142b31da378d3c244b646ff1d5968b167d9147f37a839076d957395f6fadece78724f5d15694e59eb1d524643e245e4d8cc13e
SSDEEP: 96:Dyyxn79v4uL1bhycQmntWWvk+dl8J/66sfeYId3ojilrl:f9v4uL1bhycbnzvkg8J/6NIdP
Static task: static1
Behavioral task: behavioral1
Sample: 02fa44b9687f061867ed258f14e0542ba8c3af5db68f69fda02c94b73cd9568b.exe
Resource: win10v2004-20221111-en
Malware Config
Extracted
asyncrat
0.5.7B
System Guard Runtime
85.105.88.221:2531
System Guard Runtime
delay: 3
install: false
install_file: System Guard Runtime
install_folder: %AppData%
Targets
Target: 02fa44b9687f061867ed258f14e0542ba8c3af5db68f69fda02c94b73cd9568b
Size: 5KB
MD5: 335ebfd3421b0c58c258bbff94fd7f9d
SHA1: 164f6cb1b5bc5c0905de512d355363705cd62154
SHA256: 02fa44b9687f061867ed258f14e0542ba8c3af5db68f69fda02c94b73cd9568b
SHA512: 51714c30b8b9d76cc5e455657d142b31da378d3c244b646ff1d5968b167d9147f37a839076d957395f6fadece78724f5d15694e59eb1d524643e245e4d8cc13e
SSDEEP: 96:Dyyxn79v4uL1bhycQmntWWvk+dl8J/66sfeYId3ojilrl:f9v4uL1bhycbnzvkg8J/6NIdP
Score: 10/10
- Async RAT payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of SetThreadContext